Where the real conversations in privacy happen

Big Data’s Thirst Is Driving Change in Minimization Philosophy

The recent National Security Administration (NSA) revelations demonstrate a broader trend: A retreat from minimization in collection and a move toward minimization in use. If you trust the collector not to break the rules, then a collect-first, minimize-later privacy model shouldn’t present a privacy impact, but recent revelations by The Washington Post have shown what happens when the collector becomes distrusted.

First, let’s not pretend there aren’t plenty of tools for guidance on when to apply minimization. The Fair Information Practices from the U.S. Department of Health, Education and Welfare, 1973, require collection limitations; the Privacy Guidelines from the Organization of Economic Cooperation and Development, 1980, require collection limitations; the EU Data Protection Directive 95/46/EC, 1995, in Article 6 addresses data minimization by specifying that personal data must only be “collected for specified, explicit and legitimate purposes;” and the White House's Consumer Privacy Bill of Rights, 2012, includes a right to focused collection, which places "reasonable limits on the personal data that companies collect and retain." It's clear that data minimization at the time of collection is broadly recognized as a fundamental privacy principle.

So what has changed?

Why, after decades of focus on collection as the point of minimization, has there been interest in applying minimization at the time of use? Two words: Big Data.

The Big Data business model threatens data minimization at the time of collection. In order to receive the benefits of Big Data, there has to be lots of data. When traditional minimization at the time of collection is challenged by the desire to benefit from large stores of data, privacy principles must be balanced against other societal values. Modern privacy scholars such as Omer Tene and Jules Polonetsky, have called for "a risk matrix, taking into account the value of different uses of data against the potential risks to individual autonomy and privacy" because minimizing information collection isn't always a practical approach in the age of Big Data.

While this focus on balancing values is important, the role of trust needs to be further developed. How can we develop systems that engender trust? How can we train people so that we can have faith that they will not abuse the systems they have access to? The more I think about it, the more I think Bruce Schneier has it right, we need to focus on “enabling the trust that society needs to thrive.”

Written By

Andrew Clearwater, CIPP/US

0 Comments

If you want to comment on this post, you need to login

Related

The Republican National Committee (RNC) has offered to share its voter file with Donald Trump’s presidential campaign, Yahoo Politics reports. The RNC has the names, voting history and consumer data of roughly 250 million Americans, the report states. The Trump campaign’s attorneys are reviewing the data-sharing agreement, which has been offered to all 17 of the Republican presidential candidates, 11 of whom signed off on it. The RNC said every indication points to Trump entering into the agreem...
Read more

Erick Iriarte of Iriarte & Asociados writes for Privacy Tracker about a new law decreed by Peru’s executive branch under delegated powers. The law requires telecommunications companies to collect and retain consumer geolocation data and make it available to law enforcement without a warrant. According to the decree, its purpose is to “regulate the access of the specialized unit of the National Police of Peru, in cases of flagrante delicto, to the location and geolocation of mobile phones or electronic devices of similar nature.” Iriarte outlines the main provisions of the law, noting its “worthy” intentions; however, he goes on to call it a law “with a dramatic effect but not effective” and asks how it will improve “the delayed coordination between the police, prosecutors and judges.”
Read more

Parliament’s Science and Technology Committee plans to assess whether the government is doing enough to help UK entrepreneurs make the most of the increasing availability of data and the power of analytics software, Out-Law.com reports. The committee will also look at data protection and privacy, the report states. “Growth in computing power continues at a remarkable pace, bringing enormous economic and social opportunities as new public and private services are developed using big data sets,” s...
Read more

EDRi’s Protecting Digital Freedom reports the European Commission (EC) has said it “will continue monitoring legislative developments at the national level” for EU data retention laws. The EC sent the response “to the letter we sent on 2 July 2015 asking the commission to investigate illegal data retention laws in the European Union,” the report states, citing an analysis from EDRi and the Electronic Frontier Finland, IT-Political Association of Denmark, Open Rights Group, Panoptykon and others ...
Read more

At the 2015 ALP National Conference, NSW Labor member Jo Haylen called for reform of the country’s mandatory data retention legislation, arguing that the law asks Australians to "sacrifice their privacy supposedly for the sake of security,” CNET reports. “Proponents of metadata retention say those who do nothing wrong have nothing to fear, but these laws help create a culture of fear,” Haylen said, describing it as a “culture where we are all under suspicion and subject to heightened mass survei...
Read more

Tags

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.Learn more

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.